ansible-roles/minifirewall/tasks/nrpe.yml

---

- include_role:
    name: remount-usr

- name: /usr/share/scripts exists
  file:
    dest: /usr/share/scripts
    mode: "0700"
    owner: root
    group: root
    state: directory

- name: minifirewall_status is installed
  copy:
    src: minifirewall_status
    dest: /usr/share/scripts/minifirewall_status
    force: no
    mode: "0700"
    owner: root
    group: root

- name: /usr/local/lib/nagios/plugins/ exists
  file:
    dest: "{{ item }}"
    mode: "02755"
    owner: root
    group: staff
    state: directory
  with_items:
    - /usr/local/lib/nagios
    - /usr/local/lib/nagios/plugins

- name: check_minifirewall is installed
  copy:
    src: check_minifirewall
    dest: /usr/local/lib/nagios/plugins/check_minifirewall
    force: no
    mode: "0755"
    owner: root
    group: staff

- name: check_minifirewall is available for NRPE
  lineinfile:
    dest: /etc/nagios/nrpe.d/evolix.cfg
    regexp: 'command\[check_minifirewall\]'
    line: 'command[check_minifirewall]=sudo /usr/local/lib/nagios/plugins/check_minifirewall'
  notify: restart nagios-nrpe-server

- name: sudo without password for nagios
  lineinfile:
    dest: /etc/sudoers.d/evolinux
    regexp: 'check_minifirewall'
    line: 'nagios          ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall'
    insertafter: '^nagios'
    validate: "visudo -cf %s"
Add minifirewal_status and check_minifirewall minifirewall_status returns "started" on stdout and exit code 0, or "stopped" on stdout and exit code 1. The state of minifirewall is determined by looking for common iptables rules applied by minifirewall. check_minifirewall is an NRPE plugin for minifirewall. It returns: * 0 (OK) if the firewall state is consistent with its configuration (from the alert5 script) * 1 (WARNING) if the firewall is started but alert5 is not configured properly * 2 (CRITICAL) if the firewall is not running but it should be. 2018-04-02 21:04:26 +02:00			`---`

			`- include_role:`
			`name: remount-usr`

			`- name: /usr/share/scripts exists`
			`file:`
			`dest: /usr/share/scripts`
			`mode: "0700"`
			`owner: root`
			`group: root`
			`state: directory`

			`- name: minifirewall_status is installed`
			`copy:`
			`src: minifirewall_status`
			`dest: /usr/share/scripts/minifirewall_status`
			`force: no`
			`mode: "0700"`
			`owner: root`
			`group: root`

			`- name: /usr/local/lib/nagios/plugins/ exists`
			`file:`
			`dest: "{{ item }}"`
			`mode: "02755"`
			`owner: root`
			`group: staff`
			`state: directory`
			`with_items:`
			`- /usr/local/lib/nagios`
			`- /usr/local/lib/nagios/plugins`

			`- name: check_minifirewall is installed`
			`copy:`
			`src: check_minifirewall`
			`dest: /usr/local/lib/nagios/plugins/check_minifirewall`
			`force: no`
			`mode: "0755"`
			`owner: root`
			`group: staff`

			`- name: check_minifirewall is available for NRPE`
			`lineinfile:`
			`dest: /etc/nagios/nrpe.d/evolix.cfg`
			`regexp: 'command\[check_minifirewall\]'`
			`line: 'command[check_minifirewall]=sudo /usr/local/lib/nagios/plugins/check_minifirewall'`
			`notify: restart nagios-nrpe-server`

			`- name: sudo without password for nagios`
			`lineinfile:`
			`dest: /etc/sudoers.d/evolinux`
			`regexp: 'check_minifirewall'`
			`line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall'`
			`insertafter: '^nagios'`
			`validate: "visudo -cf %s"`